1997-09-29 - Re: [NTSEC] pgp 5.0 back door

Header Data

From: Anonymous <anon@anon.efga.org>
To: cypherpunks@cyberpass.net
Message Hash: daa3064f15e900726d5bd05848e553108f3a8e5ac1d0eb0eacc4e5a477df9370
Message ID: <60ea750d816659dde629440a5798ee63@anon.efga.org>
Reply To: N/A
UTC Datetime: 1997-09-29 16:36:42 UTC
Raw Date: Tue, 30 Sep 1997 00:36:42 +0800

Raw message

From: Anonymous <anon@anon.efga.org>
Date: Tue, 30 Sep 1997 00:36:42 +0800
To: cypherpunks@cyberpass.net
Subject: Re: [NTSEC] pgp 5.0 back door
Message-ID: <60ea750d816659dde629440a5798ee63@anon.efga.org>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Michael Warfield <mhw@iss.net> writes to Ray Arachelian or somebody:
>...  Phil Zimmerman is an absolute religous fanatic about backdoors!
>When ViaCrypt implimented a commercial escrow feature to give companies the
>ability to issues keys where they had a key escrow, he used that as a reason
>to break their contract.  He had a "no backdoor" clause in the ViaCrypt
>agreement for PGP.  After the US goverment tried to investigate Phil into
>bankruptcy for several years, I seriously doubt he would do ANYTHING
>to assist them except to assist them into a pit somewhere...

The PGP Web site in http://www.pgp.com/products/differences.cgi has a list
of differences between PGP 5.0 (personal PGP) and PGP 4.5.x (corporate
PGP).  The corporate one includes a feature that the private one doesn't
called "message recovery".  Given Phil's fanaticism outlined above, this
presumably isn't any way to get at the plaintext without the user's
knowledge or cooperation, but just what the heck IS it?  I can't find a
description of the feature on-line.  The manual itself is on-line in PDF,
which presumably answers this question for acrobat fans.  I see nothing
about "message recovery" in the hard-copy PGP 4.5 manual.

For the guy who's concerned about backdoors in PGP 5.0 -- there's no
reason to believe there are any.  There's source out there for you to
download, and you can browse it over and compile a copy for yourself.
I recommend buying a legal copy anyway, even if you are going to use
the one you compiled yourself, to encourage makers of strong crypto
for the masses -- if you're getting value, may as well pay for it
and feel good about yourself.

	Salvo Salasio
- --------------------------------------------------------------------------
P.S. For CypherSaber CipherKnights: set your secret decoder ring
to "WriteYourCongressman" to decrypt this:

e91a 46d8 fba9 aaf5 927f 7a3f 1ded 8757 a741 4bb6 5568 3a5a f118 dc2b 11de
ebb3 e873 ffa1 d520 09ea 52b6 65c3 a42a 3d14 befa 0f3e ff09 e09a ad26 f877
aa84 4722 8ac3 770a 0aad 48a0 bf1e 9c51 2b1e a54f 8a7e 3e14 b0d1 3a84 8852
f9db d7ce 73b5 4066 d516 4d77 0395 37e2 b79c 9acd 6107 ecff 72bc e985 0ede
fcf0 eabd b903 9217 a0fc b95d 5ad7 3431 ba73 0d98 360b cef2 f863 ed54 8aa4
b0a9 6ed1 a2bb 8449 346f 1a7f f431 b8cf 95e3 b372 b0f5 c8a9 5ae1 622f d59f
c990 fd6d 3611 bc1e d842 82c7 c112 27d8 8b1e f3d8 f769 a10c d4f7 6360 dea4
f6cf feb3 e8c6 c72b 7b4a 03dc 00c4

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNC/Bm9eed+DWkqwBAQGeNwP+I857P9Tf5fJU6O6ahI3uvxmgM1jFTzJH
E05r7vhOX7oZnosUhYVni7BpYwlfusEyWFs1TzPgDDxnPveNi36mDwSEoD17A0wP
fH4767MUHkNHaVntLBbHBCbKytQKarZC0X1eLa5rvg76WJtP5WBooyLkDbURrJuR
jjQgifCV7hg=
=PIRT
-----END PGP SIGNATURE-----






Thread